China's Cybersecurity Law

Companies operating in China should take swift actions now to assess their specific obligations under the CSL and other related regulations and adopt a comprehensive approach to mitigate the compliance risks.

China’s new Cybersecurity Law (CSL) was passed November 7, 2016, and came into force June 1, 2017. As the nation’s first comprehensive privacy and security regulation for cyberspace, the CSL imposes paradigm-shifting requirements such as data localization. Together with a dozen other related legislations, guidelines, and industrial standards already released or being drafted, the CSL will present an unprecedented challenge for international businesses with operations in China.

The path to CSL compliance is not straightforward. The Chinese legislative and enforcement style creates confusion and misunderstandings, and sometimes false hopes, for Western companies. Despite this environment of uncertainty and change, the Chinese authority has already begun initiating enforcement actions for CSL violations. The same is expected when the data localization provision goes into effect on December 31, 2018.